roundandround | 2 years ago

I'm curious to see, but I don't think the algorithm for calculating the password from the identifier would be very sophisticated. Assuming they didn't want to add costs to prevent easy retrieval of any secret key from the device, a complex algorithm would be kind of a waste.

nneonneo|2 years ago

I mean, even something as simple as `md5("very-long-secret-only-phillips-knows" + uid)[:4]` would be effectively unguessable. Not hard if you have the code for the firmware, but nigh-impossible otherwise.

roundandround|2 years ago

If one person has access once and publishes it, the work of setting up a proper md5 was a waste compared to an xor.

netsec_burn|2 years ago

The Sonicare app lets you download the latest firmware blob. So all you'd do is intercept it and find the function responsible for generating the password.
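
Added example, not part of the thread and not code from any vendor firmware: the XOR and `md5(secret + uid)[:4]` derivations discussed by nneonneo and roundandround above, side by side with an HMAC variant, to show what a single observed (UID, password) pair reveals under each. The secret, mask, UIDs and function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration only; not taken from any real device.
SECRET = b"constructed-demo-secret"
XOR_MASK = bytes.fromhex("a5c33c5a")
UID_A = bytes.fromhex("04a1b2c3d4e5f6")  # constructed 7-byte tag UIDs
UID_B = bytes.fromhex("0411223344556a")


def xor_password(uid: bytes, mask: bytes = XOR_MASK) -> bytes:
    """XOR scheme: first 4 UID bytes XORed with a fixed mask."""
    return bytes(u ^ m for u, m in zip(uid[:4], mask))


def md5_password(uid: bytes, secret: bytes = SECRET) -> bytes:
    """Scheme from the comment: md5(secret + uid)[:4]."""
    return hashlib.md5(secret + uid).digest()[:4]


def hmac_password(uid: bytes, secret: bytes = SECRET) -> bytes:
    """Conventional keyed construction (an assumption, not from the thread)."""
    return hmac.new(secret, uid, hashlib.sha256).digest()[:4]


def mask_from_one_pair(uid: bytes, password: bytes) -> bytes:
    """Under XOR, one observed (uid, password) pair yields the mask itself."""
    return bytes(u ^ p for u, p in zip(uid[:4], password))


def pair_predicts_other(scheme, known_uid: bytes, other_uid: bytes) -> bool:
    """Treat one observed pair as if it came from an XOR scheme and
    check whether that predicts a different tag's password."""
    guessed_mask = mask_from_one_pair(known_uid, scheme(known_uid))
    return xor_password(other_uid, guessed_mask) == scheme(other_uid)


if __name__ == "__main__":
    for name, scheme in [("xor", xor_password),
                         ("md5", md5_password),
                         ("hmac", hmac_password)]:
        leaked = pair_predicts_other(scheme, UID_A, UID_B)
        print(f"{name:5s} one known pair predicts another tag: {leaked}")
    # None of the three survives extraction of SECRET or XOR_MASK from the
    # firmware itself, which is the case the last comment describes.
```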